naftiko: 1.0.0-alpha2 info: label: 'Prisma Cloud: Managed Security Service Provider (MSSP) — User Management' description: 'Prisma Cloud: Managed Security Service Provider (MSSP) — User Management. 8 operations. Lead operation: Palo Alto Networks List Users. Self-contained Naftiko capability covering one Palo Alto Networks business surface.' tags: - Palo Alto Networks - User Management created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: PALO_ALTO_NETWORKS_API_KEY: PALO_ALTO_NETWORKS_API_KEY capability: consumes: - type: http namespace: palo-alto-prisma-cloud-mssp-user-management baseUri: https://mssp-api.prismacloud.io description: 'Prisma Cloud: Managed Security Service Provider (MSSP) — User Management business capability. Self-contained, no shared references.' resources: - name: api-v1-mssp-mssp-id-user path: /api/v1/mssp/{mssp-id}/user operations: - name: listusers method: GET description: Palo Alto Networks List Users outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: next_page_token in: query type: string description: Token to fetch next page. Max pagesize is 60. - name: mssp-id in: path type: string description: The id of the MSSP of interest required: true - name: createuser method: POST description: Palo Alto Networks Create a New User outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: mssp-id in: path type: string description: the id of the MSSP of interest required: true - name: body in: body type: object description: Request body (JSON). required: true - name: api-v1-mssp-mssp-id-user-username path: /api/v1/mssp/{mssp-id}/user/{username} operations: - name: getuser method: GET description: Palo Alto Networks Get User by Username outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: username in: path type: string description: username of the user required: true - name: mssp-id in: path type: string description: the id of the MSSP of interest required: true - name: updateuser method: PUT description: Palo Alto Networks Update an Existing User outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: username in: path type: string description: username of the user required: true - name: mssp-id in: path type: string description: the id of the MSSP of interest required: true - name: body in: body type: object description: Request body (JSON). required: true - name: deleteuser method: DELETE description: Palo Alto Networks Delete an Existing User outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: username in: path type: string description: Username of the user required: true - name: mssp-id in: path type: string description: the id of the MSSP of interest required: true - name: api-v1-user-username-credential path: /api/v1/user/{username}/credential operations: - name: resetpassword method: PUT description: Palo Alto Networks Change Password outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: username in: path type: string description: Username required: true - name: body in: body type: object description: Request body (JSON). required: true - name: api-v1-user-username-credential-reset-token path: /api/v1/user/{username}/credential/reset-token operations: - name: resettoken method: GET description: Palo Alto Networks Generate Password Reset Token outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: username in: path type: string description: Username required: true - name: api-v1-user-username-credential-reset-token-validate path: /api/v1/user/{username}/credential/reset-token/validate operations: - name: validatetoken method: POST description: Palo Alto Networks Validate Forgot Password Token outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: username in: path type: string description: Username required: true - name: body in: body type: object description: Request body (JSON). required: true authentication: type: bearer token: '{{env.PALO_ALTO_NETWORKS_API_KEY}}' exposes: - type: rest namespace: palo-alto-prisma-cloud-mssp-user-management-rest port: 8080 description: 'REST adapter for Prisma Cloud: Managed Security Service Provider (MSSP) — User Management. One Spectral-compliant resource per consumed operation, prefixed with /v1.' resources: - path: /v1/api/v1/mssp/{mssp-id}/user name: api-v1-mssp-mssp-id-user description: REST surface for api-v1-mssp-mssp-id-user. operations: - method: GET name: listusers description: Palo Alto Networks List Users call: palo-alto-prisma-cloud-mssp-user-management.listusers with: next_page_token: rest.next_page_token mssp-id: rest.mssp-id outputParameters: - type: object mapping: $. - method: POST name: createuser description: Palo Alto Networks Create a New User call: palo-alto-prisma-cloud-mssp-user-management.createuser with: mssp-id: rest.mssp-id body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/v1/mssp/{mssp-id}/user/{username} name: api-v1-mssp-mssp-id-user-username description: REST surface for api-v1-mssp-mssp-id-user-username. operations: - method: GET name: getuser description: Palo Alto Networks Get User by Username call: palo-alto-prisma-cloud-mssp-user-management.getuser with: username: rest.username mssp-id: rest.mssp-id outputParameters: - type: object mapping: $. - method: PUT name: updateuser description: Palo Alto Networks Update an Existing User call: palo-alto-prisma-cloud-mssp-user-management.updateuser with: username: rest.username mssp-id: rest.mssp-id body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: deleteuser description: Palo Alto Networks Delete an Existing User call: palo-alto-prisma-cloud-mssp-user-management.deleteuser with: username: rest.username mssp-id: rest.mssp-id outputParameters: - type: object mapping: $. - path: /v1/api/v1/user/{username}/credential name: api-v1-user-username-credential description: REST surface for api-v1-user-username-credential. operations: - method: PUT name: resetpassword description: Palo Alto Networks Change Password call: palo-alto-prisma-cloud-mssp-user-management.resetpassword with: username: rest.username body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/v1/user/{username}/credential/reset-token name: api-v1-user-username-credential-reset-token description: REST surface for api-v1-user-username-credential-reset-token. operations: - method: GET name: resettoken description: Palo Alto Networks Generate Password Reset Token call: palo-alto-prisma-cloud-mssp-user-management.resettoken with: username: rest.username outputParameters: - type: object mapping: $. - path: /v1/api/v1/user/{username}/credential/reset-token/validate name: api-v1-user-username-credential-reset-token-validate description: REST surface for api-v1-user-username-credential-reset-token-validate. operations: - method: POST name: validatetoken description: Palo Alto Networks Validate Forgot Password Token call: palo-alto-prisma-cloud-mssp-user-management.validatetoken with: username: rest.username body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: palo-alto-prisma-cloud-mssp-user-management-mcp port: 9090 transport: http description: 'MCP adapter for Prisma Cloud: Managed Security Service Provider (MSSP) — User Management. One tool per consumed operation, routed inline through this capability''s consumes block.' tools: - name: palo-alto-networks-list-users description: Palo Alto Networks List Users hints: readOnly: true destructive: false idempotent: true call: palo-alto-prisma-cloud-mssp-user-management.listusers with: next_page_token: tools.next_page_token mssp-id: tools.mssp-id outputParameters: - type: object mapping: $. - name: palo-alto-networks-create-new description: Palo Alto Networks Create a New User hints: readOnly: false destructive: false idempotent: false call: palo-alto-prisma-cloud-mssp-user-management.createuser with: mssp-id: tools.mssp-id body: tools.body outputParameters: - type: object mapping: $. - name: palo-alto-networks-get-user description: Palo Alto Networks Get User by Username hints: readOnly: true destructive: false idempotent: true call: palo-alto-prisma-cloud-mssp-user-management.getuser with: username: tools.username mssp-id: tools.mssp-id outputParameters: - type: object mapping: $. - name: palo-alto-networks-update-existing description: Palo Alto Networks Update an Existing User hints: readOnly: false destructive: false idempotent: true call: palo-alto-prisma-cloud-mssp-user-management.updateuser with: username: tools.username mssp-id: tools.mssp-id body: tools.body outputParameters: - type: object mapping: $. - name: palo-alto-networks-delete-existing description: Palo Alto Networks Delete an Existing User hints: readOnly: false destructive: true idempotent: true call: palo-alto-prisma-cloud-mssp-user-management.deleteuser with: username: tools.username mssp-id: tools.mssp-id outputParameters: - type: object mapping: $. - name: palo-alto-networks-change-password description: Palo Alto Networks Change Password hints: readOnly: false destructive: false idempotent: true call: palo-alto-prisma-cloud-mssp-user-management.resetpassword with: username: tools.username body: tools.body outputParameters: - type: object mapping: $. - name: palo-alto-networks-generate-password description: Palo Alto Networks Generate Password Reset Token hints: readOnly: true destructive: false idempotent: true call: palo-alto-prisma-cloud-mssp-user-management.resettoken with: username: tools.username outputParameters: - type: object mapping: $. - name: palo-alto-networks-validate-forgot description: Palo Alto Networks Validate Forgot Password Token hints: readOnly: true destructive: false idempotent: false call: palo-alto-prisma-cloud-mssp-user-management.validatetoken with: username: tools.username body: tools.body outputParameters: - type: object mapping: $.